Rundown on Microsoft’s Patch Tuesday by Rapid7

June’s Microsoft Patch Tuesday bulletin has just been released, and David Picotte, manager of security engineering at Rapid7, had several thoughts to share on the topic:

“This month Microsoft has released 8 security bulletins, affecting all supported
platforms through remote code execution and elevation of privilege. Of the 8
Microsoft security bulletins, two are critical. Both critical bulletins (MS15-056
and MS15-057) are phishing-based attacks requiring execution of a specially crafted
website or specially crafted Microsoft Office file. An escalation of privilege could
be possible in Microsoft Exchange Server (MS15-064) by means of Server-Side Request
Forgery (SSRF) [CVE-2015-1764] and Cross-site Request Forgery (CSRF)
[CVE-2015-1771]; administrators, be sure to patch your Exchange servers ASAP.

Accompanying Microsoft’s patch updates, Adobe has also released a security update
for Adobe Flash Player and AIR affecting Windows, Macintosh and Linux. These updates
result in vulnerability fixes for 13 CVEs that could potentially enable an attacker
to control affected systems.

Overall, this is a pretty low-key Patch Tuesday release. However, be vigilant that
users are paying special attention to phishing attacks.”